#!/bin/bash

# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes

# Load libraries
. /opt/bitnami/scripts/libkeycloak.sh

# Load keycloak environment variables
. /opt/bitnami/scripts/keycloak-env.sh

# Ensure keycloak environment variables are valid
keycloak_validate

# Ensure 'daemon' user exists when running as 'root'
am_i_root && ensure_user_exists "$KEYCLOAK_DAEMON_USER" --group "$KEYCLOAK_DAEMON_GROUP"

# Ensure keycloak is initialized
keycloak_initialize

# keycloak init scripts
keycloak_custom_init_scripts


# initialize kdo data
initialize_kdo () {
  sleep 180
  if kcadm.sh get realms/kdo  --server http://localhost:8080 --realm master --user $KEYCLOAK_ADMIN --password $KEYCLOAK_ADMIN_PASSWORD >/dev/null 2>&1;
  then
    echo "KDO平台相关数据已经存在，无需重新初始化"
    return 0
  else
    echo "开始初始化KDO平台相关数据。。。"
    export devPass=Kdo#2025
    kcadm.sh create realms -s realm=kdo -s enabled=true --server http://localhost:8080 --realm master --user $KEYCLOAK_ADMIN --password $KEYCLOAK_ADMIN_PASSWORD
    kcadm.sh update realms/kdo -s 'ssoSessionIdleTimeout=86400' -s 'accessTokenLifespan=43200' --server http://localhost:8080 --realm master --user $KEYCLOAK_ADMIN --password $KEYCLOAK_ADMIN_PASSWORD
    kcadm.sh create client-scopes -r kdo \
    -b '{"name":"openid","protocol":"openid-connect","attributes":{"include.in.token.scope":"true","display.on.consent.screen":"true","consent.screen.text":"openid","claim.name":"openid"}}'  \
    --server http://localhost:8080 --realm master --user $KEYCLOAK_ADMIN --password $KEYCLOAK_ADMIN_PASSWORD
    kcadm.sh create client-scopes -r kdo \
    -b '{"name":"groups","protocol":"openid-connect","attributes":{"include.in.token.scope":"true","display.on.consent.screen":"true","consent.screen.text":"groups","claim.name":"groups"}}' \
    --server http://localhost:8080 --realm master --user $KEYCLOAK_ADMIN --password $KEYCLOAK_ADMIN_PASSWORD
    kcadm.sh create clients -r kdo -s clientId=kdo -s secret=kubedo -s 'optionalClientScopes=["address","microprofile-jwt","offline_access","phone"]'  \
    -s 'defaultClientScopes=["acr","email","openid","groups","profile"]' -s 'redirectUris=["*"]' -s implicitFlowEnabled=true \
    --server http://localhost:8080 --realm master --user $KEYCLOAK_ADMIN --password $KEYCLOAK_ADMIN_PASSWORD
    kcadm.sh create users -s username=admin -r kdo -s email=admin@kube-do.dev -s emailVerified=true -s enabled=true  --server http://localhost:8080 --realm master --user $KEYCLOAK_ADMIN --password $KEYCLOAK_ADMIN_PASSWORD
    kcadm.sh set-password  --username admin -r kdo --new-password $KEYCLOAK_ADMIN_PASSWORD --server http://localhost:8080 --realm master --user $KEYCLOAK_ADMIN --password $KEYCLOAK_ADMIN_PASSWORD
    kcadm.sh create users -s username=pa1 -r kdo -s email=pa1@kube-do.dev -s emailVerified=true -s enabled=true  --server http://localhost:8080 --realm master --user $KEYCLOAK_ADMIN --password $KEYCLOAK_ADMIN_PASSWORD
    kcadm.sh create users -s username=dev1 -r kdo -s email=dev1@kube-do.dev -s emailVerified=true -s enabled=true  --server http://localhost:8080 --realm master --user $KEYCLOAK_ADMIN --password $KEYCLOAK_ADMIN_PASSWORD
    kcadm.sh create users -s username=qa1 -r kdo -s email=qa1@kube-do.dev -s emailVerified=true -s enabled=true  --server http://localhost:8080 --realm master --user $KEYCLOAK_ADMIN --password $KEYCLOAK_ADMIN_PASSWORD
    kcadm.sh create users -s username=ops1 -r kdo -s email=ops1@kube-do.dev -s emailVerified=true -s enabled=true  --server http://localhost:8080 --realm master --user $KEYCLOAK_ADMIN --password $KEYCLOAK_ADMIN_PASSWORD
    kcadm.sh set-password --username pa1 -r kdo --new-password $devPass  --server http://localhost:8080 --realm master --user $KEYCLOAK_ADMIN --password $KEYCLOAK_ADMIN_PASSWORD
    kcadm.sh set-password --username dev1 -r kdo --new-password $devPass  --server http://localhost:8080 --realm master --user $KEYCLOAK_ADMIN --password $KEYCLOAK_ADMIN_PASSWORD
    kcadm.sh set-password --username qa1 -r kdo --new-password $devPass  --server http://localhost:8080 --realm master --user $KEYCLOAK_ADMIN --password $KEYCLOAK_ADMIN_PASSWORD
    kcadm.sh set-password --username ops1 -r kdo --new-password $devPass  --server http://localhost:8080 --realm master --user $KEYCLOAK_ADMIN --password $KEYCLOAK_ADMIN_PASSWORD
    echo "初始化KDO平台相关数据完成"
    return 0
  fi
}
# 执行初始化KDO平台数据操作
initialize_kdo &